Extending and embedding:
containerd project use cases
A 2020 FOSDEM containerd project update
Phil Estes
Distinguished Engineer & CTO, IBM Cloud Platform
CNCF containerd project maintainer
State of containerd
What is containerd
● A “Container runtime”
○ Below platforms (Docker, Kubernetes)
○ Above lower level runtimes (runc, Kata, Firecracker, gVisor)
● Resource Manager
○ Container processes
○ Image artifacts
○ Filesystem snapshots
○ Metadata and dependencies
● Tightly scoped
○ 100% maintainer approval required to increase scope
○ Built-in CRI plugin only scope increase
State of containerd
● 5th project to graduate within the CNCF - February 2019
● Broad support and contribution from across the ecosystem
○ Over 200 individual contributors; represent > 100 companies
○ 13 maintainers represent 9 different companies
● All major cloud providers using containerd
● Supports Linux and Windows platforms, multiple architectures
● Added sub-projects to governance (Rust-based ttrpc; image encryption)
containerd 1.3
● Windows support for shim V2 API
● Device mapper snapshotter (Amazon Firecracker team contribution)
● New plugin interface for processing layers (encryption, compression)
● (CRI) Support for per-pod container shim
In progress
● Remote snapshotter for sharing snapshots in a cluster
● cgroups v2
● Windows CRI
● Mount and resource management
● Image encryption
Who is using containerd?
● Public Clouds
● Kubernetes Infra
● End Users
● DevOps Tools
● Custom Sandboxes
How is containerd used?
● Library
○ Go client API
■ oras, BuildKit, Weaveworks Ignite, IBM Cloud Functions, OpenFaaS “faasd”, Alibaba PouchContainer
○ Extensibility
■ Amazon ECR resolver, Azure Teleport, remote snapshotters [cvmfs, stargz]
○ Imports/Subprojects (cri-o use of containerd/cgroups)
● Kubernetes Runtime
○ CRI-containerd
■ IBM Kubernetes Service, GKE, Ticketmaster, Alibaba, microk8s, KinD, k3s, AWS Fargate
● Daemon
○ Docker, BuildKit
Embedding/Extending Use Cases
Architecture
API
API - CRI
- CRI gRPC API exposed from containerd
- Kubelet can be configured to use containerd as runtime
API - containerd
- gRPC API, used by Go client
- Low level access to components
- Mirrors internal component interfaces
- Snapshots, Content, Containers, Task, Events, etc
Core
Backend
Plugins
Plugins - Backend
Plugins - Backend
- No re-compilation required
- Proxy plugins for content store and snapshotters
- Runtime shims are separate binaries implementing shim interface
Plugins - Client
1. Override services with service options
2. Customize push and pull with remote options

    type RemoteOpt
        func WithImageHandler(h images.Handler) RemoteOpt
        func WithImageHandlerWrapper(w func(images.Handler) images.Handler) RemoteOpt
        func WithResolver(resolver remotes.Resolver) RemoteOpt

    type ServicesOpt
        func WithContainerService(containerService containersapi.ContainersClient) ServicesOpt
        func WithContentStore(contentStore content.Store) ServicesOpt
        func WithDiffService(diffService diff.DiffClient) ServicesOpt
        func WithEventService(eventService EventService) ServicesOpt
        func WithImageService(imageService imagesapi.ImagesClient) ServicesOpt
        func WithLeasesService(leasesService leases.Manager) ServicesOpt
        func WithNamespaceService(namespaceService namespacesapi.NamespacesClient) ServicesOpt
        func WithSnapshotters(snapshotters map[string]snapshots.Snapshotter) ServicesOpt
        func WithTaskService(taskService tasks.TasksClient) ServicesOpt
Plugins - custom containerd binary
● Add a file with import to cmd/containerd/ in your fork.
● Create your own main.go of containerd

    package main

    import (
        "fmt"
        "os"

        "github.com/containerd/containerd/cmd/containerd/command"

        // import built-in plugins from cmd/containerd/builtins.go
        _ "github.com/mygithub/customplugin"
    )

    func main() {
        // Build the standard containerd CLI app; the blank import above
        // registers the custom plugin with it at init time.
        app := command.App()
        if err := app.Run(os.Args); err != nil {
            fmt.Fprintf(os.Stderr, "containerd: %s\n", err)
            os.Exit(1)
        }
    }
Example Snapshotter Proxy Plugin
    // Snapshot service manages snapshots
    service Snapshots {
        rpc Prepare(PrepareSnapshotRequest) returns (PrepareSnapshotResponse);
        rpc View(ViewSnapshotRequest) returns (ViewSnapshotResponse);
        rpc Mounts(MountsRequest) returns (MountsResponse);
        rpc Commit(CommitSnapshotRequest) returns (google.protobuf.Empty);
        rpc Remove(RemoveSnapshotRequest) returns (google.protobuf.Empty);
        rpc Stat(StatSnapshotRequest) returns (StatSnapshotResponse);
        rpc Update(UpdateSnapshotRequest) returns (UpdateSnapshotResponse);
        rpc List(ListSnapshotsRequest) returns (stream ListSnapshotsResponse);
        rpc Usage(UsageRequest) returns (UsageResponse);
    }
- implement Snapshotter gRPC API
- backend requests are proxied to plugin
External snapshotter
● Configure with proxy_plugins
● Build as an external plugin
    [proxy_plugins]
      [proxy_plugins.customsnapshot]
        type = "snapshot"
        address = "/var/run/mysnapshotter.sock"

    package main

    import (
        "log"
        "net"

        "google.golang.org/grpc"

        "github.com/containerd/containerd/api/services/snapshots/v1"
        "github.com/containerd/containerd/contrib/snapshotservice"
    )

    func main() {
        // Create a gRPC server
        rpc := grpc.NewServer()

        // CustomSnapshotter stands for your own constructor returning an
        // implementation of containerd's Snapshotter interface (not shown).
        sn := CustomSnapshotter()

        // Convert the snapshotter to a gRPC service and register it
        service := snapshotservice.FromSnapshotter(sn)
        snapshots.RegisterSnapshotsServer(rpc, service)

        // Listen and serve on the address configured under proxy_plugins
        l, err := net.Listen("unix", "/var/run/mysnapshotter.sock")
        if err != nil {
            log.Fatalf("error: %v\n", err)
        }
        if err := rpc.Serve(l); err != nil {
            log.Fatalf("error: %v\n", err)
        }
    }
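An added example, not code from the slides or the containerd project: one way to open the plugin socket from the External snapshotter slide so that only the owning user can connect and a stale socket is cleared safely. It uses only the Go standard library on Linux; the function name ListenPrivate and the temporary demo path are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
	"syscall"
)

// ListenPrivate opens the plugin's unix socket so that only the owning user
// can connect, and refuses locations another user could tamper with.
func ListenPrivate(sockPath string) (net.Listener, error) {
	dir := filepath.Dir(sockPath)
	di, err := os.Stat(dir)
	if err != nil {
		return nil, err
	}
	if di.Mode().Perm()&0o022 != 0 {
		return nil, fmt.Errorf("%s is group- or world-writable; the socket could be replaced", dir)
	}
	// Clear a stale socket from a previous run, but never unlink anything else.
	switch fi, err := os.Lstat(sockPath); {
	case err == nil && fi.Mode()&os.ModeSocket == 0:
		return nil, fmt.Errorf("%s exists and is not a socket", sockPath)
	case err == nil:
		if err := os.Remove(sockPath); err != nil {
			return nil, err
		}
	case !os.IsNotExist(err):
		return nil, err
	}
	// A umask of 0177 makes bind(2) create the socket as 0600 from the start,
	// so there is no window in which other users can connect. The umask is
	// process-wide: call this before other goroutines start creating files.
	old := syscall.Umask(0o177)
	l, err := net.Listen("unix", sockPath)
	syscall.Umask(old)
	if err != nil {
		return nil, err
	}
	return l, nil
}

func main() {
	// Constructed demo directory (mode 0700); the slide's address is
	// /var/run/mysnapshotter.sock.
	dir, err := os.MkdirTemp("", "plugin")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	l, err := ListenPrivate(filepath.Join(dir, "mysnapshotter.sock"))
	if err != nil {
		fmt.Println("refused:", err)
		return
	}
	defer l.Close()
	if fi, err := os.Lstat(l.Addr().String()); err == nil {
		fmt.Println(l.Addr(), fi.Mode())
	}
}
```

The returned listener can be passed to rpc.Serve in place of the plain net.Listen call on the slide.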
Runtime Plugins
Runtime shim v2 API
● Minimal and scoped to the execution lifecycle of a container
● Binary naming convention
○ Type io.containerd.runsc.v1 -> Binary containerd-shim-runsc-v1
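An added example, not containerd's own code: the naming convention above written as a function, plus a check of where the resulting binary would be found and whether that location is writable by anyone other than its owner. It assumes the shim is looked up by name on the daemon's PATH; ShimBinaryName, AuditShim and the extra field validation are names and checks introduced here.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ShimBinaryName applies the slide's convention: the last two dot-separated
// fields of the runtime type become containerd-shim-<name>-<version>.
func ShimBinaryName(runtimeType string) (string, error) {
	parts := strings.Split(runtimeType, ".")
	if len(parts) < 2 {
		return "", fmt.Errorf("runtime type %q has no <name>.<version> suffix", runtimeType)
	}
	name, version := parts[len(parts)-2], parts[len(parts)-1]
	// Validation added by this example: refuse empty fields and path separators.
	for _, f := range []string{name, version} {
		if f == "" || strings.ContainsAny(f, `/\`) {
			return "", fmt.Errorf("runtime type %q has an invalid field %q", runtimeType, f)
		}
	}
	return "containerd-shim-" + name + "-" + version, nil
}

// ShimAudit is the result of resolving a shim on a PATH-style search list.
type ShimAudit struct {
	Path     string   // first executable match
	Problems []string // reasons the match should not be trusted
}

// AuditShim finds the first executable named after runtimeType in searchPath
// and flags locations that a non-owner could modify.
func AuditShim(runtimeType, searchPath string) (ShimAudit, error) {
	var a ShimAudit
	bin, err := ShimBinaryName(runtimeType)
	if err != nil {
		return a, err
	}
	for _, dir := range filepath.SplitList(searchPath) {
		candidate := filepath.Join(dir, bin)
		fi, err := os.Stat(candidate)
		if err != nil || !fi.Mode().IsRegular() || fi.Mode().Perm()&0o111 == 0 {
			continue
		}
		a.Path = candidate
		if !filepath.IsAbs(dir) {
			a.Problems = append(a.Problems, "resolved through a relative PATH entry")
		}
		if fi.Mode().Perm()&0o022 != 0 {
			a.Problems = append(a.Problems, "binary is group- or world-writable")
		}
		if di, err := os.Stat(dir); err == nil && di.Mode().Perm()&0o022 != 0 {
			a.Problems = append(a.Problems, "directory is group- or world-writable")
		}
		return a, nil
	}
	return a, fmt.Errorf("%s not found in %q", bin, searchPath)
}

func main() {
	// Runtime type from the slide; PATH is whatever this process sees.
	a, err := AuditShim("io.containerd.runsc.v1", os.Getenv("PATH"))
	if err != nil {
		fmt.Println("audit:", err)
		return
	}
	fmt.Println(a.Path, a.Problems)
}
```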
Runtime Plugins - Task Service
    service Task {
        rpc State(StateRequest) returns (StateResponse);
        rpc Create(CreateTaskRequest) returns (CreateTaskResponse);
        rpc Start(StartRequest) returns (StartResponse);
        rpc Delete(DeleteRequest) returns (DeleteResponse);
        rpc Pids(PidsRequest) returns (PidsResponse);
        rpc Pause(PauseRequest) returns (google.protobuf.Empty);
        rpc Resume(ResumeRequest) returns (google.protobuf.Empty);
        rpc Checkpoint(CheckpointTaskRequest) returns (google.protobuf.Empty);
        rpc Kill(KillRequest) returns (google.protobuf.Empty);
        rpc Exec(ExecProcessRequest) returns (google.protobuf.Empty);
        rpc ResizePty(ResizePtyRequest) returns (google.protobuf.Empty);
        rpc CloseIO(CloseIORequest) returns (google.protobuf.Empty);
        rpc Update(UpdateTaskRequest) returns (google.protobuf.Empty);
        rpc Wait(WaitRequest) returns (WaitResponse);
        rpc Stats(StatsRequest) returns (StatsResponse);
        rpc Connect(ConnectRequest) returns (ConnectResponse);
        rpc Shutdown(ShutdownRequest) returns (google.protobuf.Empty);
    }
How is containerd used?
● Library
○ Go client API
■ oras, BuildKit, Weaveworks Ignite, IBM Cloud Functions, OpenFaaS “faasd”, Alibaba PouchContainer
○ Extensibility
■ Amazon ECR resolver, Azure Teleport, remote snapshotters [cvmfs, stargz]
○ Imports/Subprojects (cri-o use of containerd/cgroups)
● Kubernetes Runtime
○ CRI-containerd
■ IBM Kubernetes Service, GKE, Ticketmaster, Alibaba, microk8s, KinD, k3s, AWS Fargate
● Daemon
○ Docker, BuildKit
Thank You!
